Set up an lxc container with google chrome so it runs confined but displays on localhost.

google-chrome-lxc.sh

#!/bin/bash
# Set up an lxc container with google chrome so it runs confined but displayed on the
# localhost.
# Adapted from https://blog.simos.info/how-to-run-graphics-accelerated-gui-apps-in-lxd-containers-on-your-ubuntu-desktop/
# Assume setguid/setid for root is properly setup
# root:1000:1
# Assume aptcache profile exists, see https://gist.github.com/Roadmaster/754110f3f49fef19ec89ae29f29edd11

LXC_NAME=chrome-container

# Use the host's Ubuntu release so they can both leverage cached packages
this=$(lsb_release -r -s)
lxc launch -p default -p aptcache ubuntu:${this} $LXC_NAME
for i in $(seq 20); do
    # Wait for an ipv4 connection
    lxc info $LXC_NAME | grep "eth0:\sinet\s" && break
    sleep 1
    echo -n "."
done

lxc exec $LXC_NAME -- apt -y update
lxc exec $LXC_NAME -- apt -y install x11-apps mesa-utils alsa-utils
lxc config set $LXC_NAME raw.idmap "both $UID 1000"
lxc config device add $LXC_NAME X0 disk path=/tmp/.X11-unix/X0 source=/tmp/.X11-unix/X0
lxc config device add $LXC_NAME Xauthority disk path=${XAUTHORITY} source=/home/${USER}/.Xauthority
lxc exec $LXC_NAME -- wget -c https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
lxc exec $LXC_NAME -- dpkg --install google-chrome-stable_current_amd64.deb || true
lxc exec $LXC_NAME -- apt install -fy
echo "export DISPLAY=:0; google-chrome" | lxc exec $LXC_NAME -- tee /usr/local/bin/run-chrome
lxc exec $LXC_NAME -- chmod 755 /usr/local/bin/run-chrome
lxc restart $LXC_NAME
echo "To run chrome, do this:"
echo "lxc exec $LXC_NAME -- sudo -iu ubuntu run-chrome"